Method and system for securing data transmission in communication networks

ABSTRACT

A method and system for securing data transmission in communication networks is disclosed. The method includes the steps of allocating a sequence ID (SQID) to each of a plurality of packets. The SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The method further includes grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets and variance in IP attributes associated with destination address of each of the plurality of packets. The method includes transmitting each of the at least one cluster to an associated destination address. Each cluster in the at least one cluster includes a set of packets from the plurality of packets and at least a domain-name is same in destination address.

TECHNICAL FIELD

The present invention relates to communication networks. In particular, the present invention relates to a method and system for securing data transmission in communication networks.

BACKGROUND

Communication networks are a medium for data propagation from one device and/or cloud/datacenter to another device and/or cloud/datacenter. However, communication networks experience issues in data propagation that may be related to network security and may include physical network security, technical network security, and administrative network security. Network security usually depends upon data sources, data handling units, and residing units. Hence, there is still a need to develop a system and method to provide complete network security. Additionally, the communication networks require improvement in terms of transmission latency, jitter rate, or the like. When data being transmitted is large, data handling becomes difficult and is prone to errors.

Today, various hacking methodologies are employed for stealing data even from a secured network. Thus, data handling becomes more important than securing the communication network. Data handling and packet security in communication networks, that are transacted manually without being noticed or in an uncontrollable manner, may include various problems such as a server-less application vulnerability, Internet-of-Things (IoT) based data threats, Artificial Intelligence (AI) empowered attacks, and data leakage during the data handling.

In conventional methods, attackers may fetch an opportunity during handling part of the data. The conventional methods do not provide the data security during transmission of the data among multiple devices and they consider only a source and a destination for the network security. Additionally, the conventional methods do not solve the problem of packets vulnerability post determining the destination and the source. Therefore, these conventional methods do not add security to the packets during the transmission, as all the attackers usually target the data comprising packets from registered devices or mimic them with an advantage of virtualization.

SUMMARY

In one embodiment, a method for securing data transmission in communication networks is disclosed. In one embodiment, the method may include allocating a sequence ID (SQID) to each of a plurality of packets based on sequence associated with each of the plurality of packets. The SQID may be embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The method may further include grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets, and variance in IP attributes associated with destination address of each of the plurality of packets. The method may further include transmitting each of the at least one cluster to an associated destination address. It should be noted that each cluster in the at least one cluster may comprise a set of packets from the plurality of packets, and at least a domain-name may be same in destination address associated with each of the set of packets.

In yet another embodiment, a system for securing data transmission in communication networks is disclosed. The system includes a processor and a memory communicatively coupled to the processor, wherein the memory stores processor instructions, which, on execution, causes the processor to allocate a sequence ID (SQID) to each of a plurality of packets based on sequence associated with each of the plurality of packets. The SQID may be embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The processor instructions further cause the processor to group the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets, and variance in IP attributes associated with destination address of each of the plurality of packets. The processor instructions further cause the processor to transmit each of the at least one cluster to an associated destination address. It should be noted that each cluster in the at least one cluster may comprise a set of packets from the plurality of packets, and at least a domain-name may be same in destination address associated with each of the set of packets.

In yet another embodiment, a non-transitory computer-readable medium storing computer-executable instruction for securing data transmission in communication networks is disclosed. In one example, the stored instructions, when executed by a processor, may cause the processor to perform operations including allocating a sequence ID (SQID) to each of a plurality of packets based on sequence associated with each of the plurality of packets. The SQID may be embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets. The operations may further include grouping the plurality of packets into at least one cluster based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets, and variance in IP attributes associated with destination address of each of the plurality of packets. The operations may further include transmitting each of the at least one cluster to an associated destination address. It should be noted that each cluster in the at least one cluster may comprise a set of packets from the plurality of packets, and at least a domain-name may be same in destination address associated with each of the set of packets.

It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention, as claimed.

BRIEF DESCRIPTION OF THE DRAWINGS

The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate exemplary embodiments and, together with the description, serve to explain the disclosed principles.

FIG. 1 is a block diagram of a system for securing data transmission in communication networks, in accordance with an embodiment.

FIG. 2 is a block diagram of various modules within a memory of a data security device configured to secure data transmission in communication networks, in accordance with an embodiment.

FIG. 3 is a flowchart of a method for securing data transmission in communication network, in accordance with an embodiment.

FIG. 4 is a flowchart of a method for allocating Sequence Identifier (SQID) to each of the plurality of packets based on associated category IDs, in accordance with an embodiment.

FIG. 5 illustrates exemplary tables representing SQIDs, category IDs, cluster IDs assigned to various packets, in accordance with an exemplary embodiment.

FIG. 6 illustrates a flowchart of a method for tracking deviated packets during data transmission, in accordance with an embodiment.

FIG. 7 illustrates a flowchart of a method for logging an error code upon identification of a deviated packet, in accordance with an embodiment.

FIG. 8 illustrates a flowchart of a method for receiving an Acknowledgement (ACK) for each of a plurality of packets in each of at least one cluster, in accordance with an embodiment.

FIG. 9 illustrates a block diagram of an exemplary computer system for implementing embodiments consistent with the present disclosure.

DETAILED DESCRIPTION

Exemplary embodiments are described with reference to the accompanying drawings. Wherever convenient, the same reference numbers are used throughout the drawings to refer to the same or like parts. While examples and features of disclosed principles are described herein, modifications, adaptations, and other implementations are possible without departing from the spirit and scope of the disclosed embodiments. It is intended that the following detailed description be considered as exemplary only, with the true scope and spirit being indicated by the following claims. Additional illustrative embodiments are listed below.

In one embodiment, a system 100 for securing data transmission in communication networks is illustrated in the FIG. 1. In an embodiment, the system 100 may be used to resolve a problem of data hacking by tracking packets independent of a source and a destination, using a data security device 102. The data security device 102 tracks attacked or lost packets that move towards wrong destinations, proactively rather than reactively, thereby the data security device 102 generates a secured data. Examples of the data security device 102 may include, but are not limited to, a server, a desktop, a laptop, a notebook, a netbook, a tablet, a smartphone, a mobile phone, an application server, or the like.

The data security device 102 may include a memory 104, a processor 106, and a display 108. The data security device 102 provides details of a pathway to an administrator intending to control vulnerability after tracking the attacked packets. The details may include a packet speed, a location, domain details, Internet protocol (IP) details, subnet, and a Media Access Control (MAC) address associated with the attacked packets. The memory 104 and the processor 106 of the data security device 102 may perform various functions including allocation of sequence IDs (SQID), determination of category IDs, packet encapsulation, a data transmission, and identification of deviated packets. The memory 104 may store instructions that, when executed by the processor 106, cause the processor 106 to transmit a cluster of packets and track the attacked packets of the cluster during the data transmission in a particular way. The memory 104 may be a non-volatile memory or a volatile memory. Examples of non-volatile memory may include, but are not limited to, a flash memory, a Read Only Memory (ROM), a Programmable ROM (PROM), Erasable PROM (EPROM), and Electrically EPROM (EEPROM) memory. Examples of volatile memory may include, but are not limited to, Dynamic Random Access Memory (DRAM), and Static Random-Access Memory (SRAM).

The display 108 may further include a user interface 110. A user or the administrator may interact with the data security device 102 and vice versa through the display 108. By way of an example, the display 108 may be used to display results of analysis performed by the data security device 102, to the user. By way of another example, the user interface 110 may be used by the user to provide inputs to the data security device 102.

As will be described in greater detail in conjunction with FIG. 2 to FIG. 9, in order to secure the data transmission, the data security device 102 may extract a data from one or more of a plurality of sources 112 (which may include sources 112 a, 112 b, 112 c to 112 n). Examples of the plurality of sources 112 may include, but are not limited to, a desktop, a laptop, a notebook, a netbook, a tablet, a smartphone, a remote server, a mobile phone, or another computing system/device. The plurality of sources 112 may be communicatively coupled to the data security device 102, via a network 114. The network 114 may be a wired or a wireless network and the examples may include, but are not limited to, the Internet, Wireless Local Area Network (WLAN), Wi-Fi, Long Term Evolution (LTE), Worldwide Interoperability for Microwave Access (WiMAX), and General Packet Radio Service (GPRS).

Once the data is received, the data security device 102 may encapsulate a plurality of packets, associated with the received data, into a cluster for the data transmission after allocating a category ID, an SQID, and a cluster ID to each of the plurality of packets. Thereafter, the data security device 102 may share the cluster with one or more of a plurality of destinations 116 (for example, destinations 116 a, 116 b, and/or 116 n). The data security device 102 may be operatively coupled to the plurality of destinations 116 via the network 114. Examples of the plurality of destinations 116 may include, but are not limited to, a desktop, a laptop, a notebook, a netbook, a tablet, a smartphone, a remote server, a mobile phone, or another computing system/device.

Referring now to FIG. 2, a block diagram of various modules within the memory 104 of the data security device 102 configured to secure data transmission in communication networks is illustrated, in accordance with an embodiment. The memory 104 of the data security device 102 may include various modules for performing multiple operations to provide data security, proactively, during transmission of a plurality of packets from multiple sources (for example, the plurality of sources 112) to destinations (for example, the plurality of destinations 116). The modules within the memory 104 of the data security device 102 may include a network switching module 202, a processing module 204, a memory module 206, a sequence tagging module 208, a packet encapsulating module 210, a packet tracking module 212, a logging module 214, and a notifying module 216.

The network switching module 202 may be communicatively connected to multiple sources (for example, the plurality of sources 112), the processing module 204, and the packet tracking module 212. The network switching module 202 may further receive a data transmitted by at least one of the sources for triggering. In an embodiment, the network switching module 202 may be a networking hardware such as a switching hub, bridging hub, or an official MAC bridge that may connect with multiple source devices. In this case, the network switching module 202 may be located outside the memory 104.

The network switching module 202 may further use a packet switching operation to receive and forward the data from at least one of the sources to at least one of the destinations (for example, the plurality of destinations 116). The network switching module 202 may be a multiport network bridge that may use MAC addresses to forward the data at a data link layer (layer 2) of an Open System Interconnection (OSI) model. Also, the network switching module 202 may forward the data at a network layer (layer 3) by additionally incorporating a routing functionality. The data may be transmitted to the processing module 204 after the packet switching operation in a form of packets.

The processing module 204 may receive process requests from other modules of the memory 104. With regards to the packets, the processing module 204 executes processes generated for encapsulation of a plurality of packets. Apart from processing of the plurality of packets, various operations such as sequencing of the packets and aligning temporary address to the packets may be performed by the processing module 204. Further, the processing module 204 may employ a kernel residing in house of an Operating System (OS) for the processing. The processing module 204 may be responsible for handling a state of the memory module 206, where the packets may be temporarily stored. In addition, the processing module 204 may be responsible for notifying and logging that may be explained further in conjunction with FIG. 7, based on a packet chain navigation. Thereafter, the processing module 204 transmits processed output results to the memory module 206.

The memory module 206 may receive the processed output results from the processing module 204 to store the same. Further, the memory module 206 receives a request from the sequence tagging module 208. It should be noted that the memory module 206 is an integral part that stores all the packets temporarily. The memory module 206 may use different types of memory sharing mechanisms, such that the packets that are ready to dispatch may be stored temporarily for assigning tracking bits to the packets. This memory module 206 may be allotted to the packets based on some instances of a physical memory. Once the packets are dispatched, instances used by the packets get cleared from the memory module 206. Further, the memory module 206 may be a dynamic memory and may transmit the packets along with network parameters to the sequence tagging module 208.

The sequence tagging module 208 may be configured to receive the packets and the processed outcome results stored in the memory module 206. Further, the sequence tagging module 208 may align the tracking bits to the packets for determining a sequence associated with each of the plurality of packets and other details including different forms and states of the packets. It may be noted that a three-way handshake of Transmission Control Protocol (TCP) may be used by the sequence tagging module 208 to determine the sequence associated with the plurality of packets and to receive an acknowledgement. Further, the sources and destinations may use two sets of numbers as a sequence number and an Acknowledgement (ACK) number, respectively.

In detail, the OS may generate the sequence number for each of the plurality of packets that may be shared with their respective destinations. Based on the sequence number, the destinations may transmit the ACK number back to the sources. In other words, a destination uses the ACK number to acknowledge a source in order to send a payload (i.e., actual data). The sequence tagging module 208 may further be configured to add an SQID to each of the plurality of packets based on the sequence associated with each of the plurality of packets along with the payload. The sequence tagging module 208 may be operatively coupled to the packet encapsulating module 210 to transmit packets tagged with SQID. The sequence tagging module 208 is placed before the encapsulating module 208 of a transport layer security protocol, where a packet framework encrypts the data and the protocol is maintained by the TCP. Further, the sequence tagging module 208 is configured to send the packets tagged with SQID to the packet encapsulating module 210.

The packet encapsulating module 210 may be configured to receive the packets tagged with SQID from the sequence tagging module 208. Further, the packet encapsulating module 210 may group the packets into a single or multiple clusters depending upon at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets and variance in IP attributes associated with destination address of each of the plurality of packets. This may be performed by generating a pool of packets to be launched by the TCP at the source, post ACK of the sequence generated by the destination. It should be noted that the packet encapsulating module 210 generates the single or multiple clusters of the packets traveling from the source to the destination.

Additionally, the packet encapsulating module 210 transmits an information about the clusters to the packet tracking module 212. It should be noted that encapsulation of the packets to form the clusters may help in identifying a difference and the distance among the associated packets and further to locate deviated packets. Further, the packet encapsulating module 210 may be configured to determine related packets belonging to same patterns. Hence, clustering of the packets also becomes easier to define the packets in a categorical form. A categorical cluster helps in tracking mismatches of the packets during a data transmission. The packet encapsulating module 210 may be further connected to the packet tracking module 212.

The packet tracking module 212 is configured to receive the clusters comprising the packets from the packet encapsulating module 210. Here, the packet tracking module 212 may receive a cluster and perform tracking by releasing the packets of the cluster to a respective network destination processed through the network switching module 202. The packet tracking module 212 verifies the distance among the packets of the transmitted categorical cluster in order to identify the deviated packets from the cluster for security purpose. It may be noted that the packet tracking module 212 monitors a transmission process of the packets between the source and destination. Also, the packet tracking module 212 performs distance calculations for each of the plurality of packets based on SQIDs corresponding to the plurality of packets using a machine learning technique or any deep learning technique.

Further, a Euclidean distance technique or any other distance measurement technique may be used by the packet tracking module 212. In an example, when a distance value increases beyond a pre-defined threshold, the associated packets may get destroyed and the respective cluster gets demolished before reaching a particular destination. In other words, when the destination is spoofed, the associated packets get destroyed in order to make communication secure. The cluster may use an IP header (IP HDR) for determining an actual system before sharing payloads. The cluster, during the transmission to the destination, may also use the IP HDR. The packet tracking module 212 further transmits tracing details and events to the logging module 214.

The logging module 214 may receive the tracing details and the events from the packet tracking module 212. Once the packets get released, they may be traced in the logging module 214, that may store navigation details of the packets traversing in the communication network. Further, the logging module 214 may generate a log file that may be examined and validated by the communication network for further analysis. The log file may also be used for determining an incoming and outgoing network traffic pattern. Additionally, the log file may be used to determine vulnerability and different times of attacks. The logging module 214 may collect different hardware defects and issues associated with the source and destination of the communication network. It may be noted that the logging module 214 may be accessed through the kernel using a Secure Shell (SSH) for monitoring purpose. The logging module 214 may be operatively coupled to the notifying module 216.

The notifying module 216 may integrate different error codes with different sets of problem statements. A notification mechanism, used by the notifying module 216, may help in error code initiation for a particular issue that may require to be fixed. Based on an error code wise notification mechanism, hardware failures as well as software failures may be monitored. It may be noted that the notification mechanism helps an end user to perform basic checks such as power issues, connectivity issues, and alerting issues. Further, the notifying module 216 creates a new error code, in case the issues are logged in for a first time.

The data security device 102 uses a cluster-based transmission and the cluster includes an IP datagram header obtained from all similar packets of a categorical cluster, which may help in determining cluster states as well. The data security device 102 ensures elimination of an IP spoofing problem from the communication network and makes the associated packets alert from being spoofed.

Referring now to FIG. 3, a flowchart 300 of a method for securing data transmission in communication network is illustrated, in accordance with an embodiment. At step 302, the data security device 102 may allocate an SQID to each of a plurality of packets based on sequence associated with each of the plurality of packets. It may be noted that the SQID is embedded in an IP HDR of an associated packet from the plurality of packets. In some embodiments, the SQID may be used to determine an order of packets based on a hierarchy as well as to maintain the hierarchy during transmission of the packets. The SQID generated by the sequence tagging module 208 of the data security device 102 may be composed of alphanumeric values, or numeric values. The SQID may be tagged with the IP HDR while loading a payload. The SQID may be generated with six bits in a sequential combination and increment operation. In an embodiment, SQIDs may be assigned to each of the plurality of packets based on a category ID associated with each of the plurality of packets. This is further explained in detail in conjunction with FIG. 4.

Thereafter, at step 304, the data security device 102 generates at least one cluster by grouping the plurality of packets. It should be noted that a unique cluster ID may be assigned to each of the at least one cluster. The at least one cluster may be generated based on at least one of a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets and variance in IP attributes associated with destination address of each of the plurality of packets. The distance amongst the at least one IP attribute associated with destination address of each of the plurality of packets may be a Euclidean distance. Further, the at least one IP attribute associated with destination address of a packet from the plurality of packets may include an IP address, a class associated with the IP address, a subnet ID, a domain-name, and a unique reference key associated with the domain-name. The subnet ID and the domain-name may be derived from the IP address.

In some embodiments, cluster IDs of the plurality of packets may be determined based on a destination. Further, clusters may be formed for multiple categorical packets as well as destination addresses. This may help to sustain a packet transmission within a destination zone. The clusters may be formed based on a distance technique where the plurality of packets are classified based on the destination and application of a same network layer. Thus, a distance calculation is performed based on a difference in IP headers of the plurality of packets.

By way of an example, consider an IP header ‘X’ for one packet and for another packet consider the IP header as ‘Y’. Now, using a Euclidean distance calculation, the distance between two paths associated with the IP headers ‘X’ and ‘Y’ may be determined. Similarly, distances among the IP headers of the plurality of packets may be determined. It may be noted that a major difference among the distances may further form a separate cluster, whereas all the packets with minimal distances may be included in a single cluster. Further, the clusters may be assigned to each of the categorical packets; however, the packets may be a part of a same cluster for different categories.

At step 306, the data security device 102 transmits each of the at least one cluster to an associated destination address. It should be noted that each cluster in the at least one cluster may include a set of packets from the plurality of packets. Additionally, at least a domain-name is same in destination address associated with each of the set of packets. In some embodiments, the packets of same destination with different class may be grouped together to dispatch from a source (same as source 112 a, 112 b, 112 c, and 112 n) to a destination (same as destination 116 a, 116 b, and 116 n). This may help in delivering multiple packets of different category IDs at a single instance, thus reducing latency of transmission and improving other network parameters.

Referring now to FIG. 4, a flowchart 400 of a method for allocating SQID to each of a plurality of packets based on associated category IDs is illustrated, in accordance with an embodiment. At step 402, a plurality of category IDs associated with the plurality of packets may be determined. It may be noted that a category ID from the plurality of category IDs is assigned to each of the plurality of packets. The category IDs may be assigned based on at least one of an application specific information and an associated IP header. In some embodiments, the plurality of packets may be classified using the category IDs based on their respective source and destination. The category ID for each of the plurality of packets may be determined based on communication protocols as well as different frames. It may be noted that there may be different types of frames, followed by different sets of protocols of a network. Further, the category IDs may be assigned based on an end IP header information. It may be noted that the source and destination should be same for every class and the packets that need to be travelled require same set of associativity.

At step 404, a plurality of sets of packets may be identified. Each set in the plurality of sets may include packets that have the same category ID. At step 406, a unique sequential set of SQIDs may be assigned to packets in each of the plurality of sets of packets. In some embodiments, the unique sequential set of SQIDs is assigned based on a First In, First Out (FIFO) technique. By way of an example, if there are three such sets of packets, in each set, SQIDs may start from ‘1’ based on FIFO technique. The detailed explanation for assigning the SQIDs to each of the plurality of packets by the sequence tagging module 208 has been provided in conjunction with FIG. 2.
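The allocation steps of FIG. 3 (steps 302 to 306) and FIG. 4 (steps 402 to 406) carried through as one worked example in Python. This is an added illustration, not code from the patent: the Packet fields, the IP attribute vector (address class plus the four octets), the category key (application plus the destination /24 subnet), the distance threshold of 4.0 and the sample packets are all assumptions made here. The application names Oracle_DB and MYSQL echo the FIG. 5 tables; the addresses and domain-names are constructed.

```python
import math
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

SQID_BITS = 6  # the SQID is described as a six-bit, incrementing value


@dataclass
class Packet:
    """One packet awaiting dispatch (fields are constructed for this example)."""
    payload: str
    application: str      # application-specific information
    dst_ip: str           # destination address taken from the IP header
    domain: str           # domain-name derived from the destination
    category_id: Optional[str] = None
    sqid: Optional[int] = None
    cluster_id: Optional[str] = None


def ip_attributes(ip: str) -> Tuple[int, int, int, int, int]:
    """IP attribute vector used for the distance: (class, octet1..octet4).
    Class is derived from the first octet (A=1, B=2, C=3); this encoding is an
    assumption made for the example, not one fixed by the patent."""
    o = [int(x) for x in ip.split(".")]
    ip_class = 1 if o[0] < 128 else 2 if o[0] < 192 else 3
    return (ip_class, o[0], o[1], o[2], o[3])


def euclidean(p, q) -> float:
    """Euclidean distance between two attribute vectors."""
    return math.sqrt(sum((qi - pi) ** 2 for pi, qi in zip(p, q)))


def assign_category_ids(packets: List[Packet], start: int = 121) -> List[Packet]:
    """Step 402: the same (application, destination /24 subnet) pair gets the same
    category ID. Keying on the /24 subnet is an assumption for this example."""
    table: Dict[Tuple[str, str], str] = {}
    for pkt in packets:
        subnet = ".".join(pkt.dst_ip.split(".")[:3])
        key = (pkt.application, subnet)
        if key not in table:
            table[key] = f"CAT-{start + len(table)}"
        pkt.category_id = table[key]
    return packets


def assign_sqids(packets: List[Packet]) -> List[Packet]:
    """Steps 404 to 406: one FIFO counter per category set, each starting at 1.
    The list order is taken as the arrival order."""
    counters: Dict[str, int] = {}
    for pkt in packets:
        counters[pkt.category_id] = counters.get(pkt.category_id, 0) + 1
        pkt.sqid = counters[pkt.category_id]
    return packets


def sqid_header_field(sqid: int) -> int:
    """Value embedded in the IP HDR (step 302): the SQID must fit the six-bit
    field, so a category set of more than 64 packets cannot be tagged without
    wrapping; refusing here is safer than wrapping silently."""
    if not 0 <= sqid < (1 << SQID_BITS):
        raise ValueError(f"SQID {sqid} does not fit in {SQID_BITS} bits")
    return sqid


def assign_cluster_ids(packets: List[Packet], threshold: float = 4.0) -> List[Packet]:
    """Step 304: a packet joins an existing cluster only if the domain-name matches
    and its destination attribute vector lies within `threshold` (assumed value)
    of the cluster's first packet; otherwise a new cluster ID is opened."""
    clusters: List[Tuple[str, Tuple[int, ...], str]] = []  # (domain, reference attrs, id)
    for pkt in packets:
        attrs = ip_attributes(pkt.dst_ip)
        for domain, ref, cid in clusters:
            if domain == pkt.domain and euclidean(ref, attrs) <= threshold:
                pkt.cluster_id = cid
                break
        else:
            cid = f"CLS-{len(clusters) + 1}"
            clusters.append((pkt.domain, attrs, cid))
            pkt.cluster_id = cid
    return packets


def run_pipeline(packets: List[Packet], threshold: float = 4.0) -> List[Packet]:
    """Category IDs first, then SQIDs per category set, then cluster IDs."""
    assign_category_ids(packets)
    assign_sqids(packets)
    assign_cluster_ids(packets, threshold)
    return packets


def clusters_for_dispatch(packets: List[Packet]) -> Dict[str, List[Tuple[str, int]]]:
    """Step 306 input: each cluster as (category ID, SQID) pairs ready to send to
    its destination; every member shares the domain-name by construction."""
    out: Dict[str, List[Tuple[str, int]]] = {}
    for pkt in packets:
        out.setdefault(pkt.cluster_id, []).append((pkt.category_id, pkt.sqid))
    return out


def sample_packets() -> List[Packet]:
    """Constructed sample input for this example."""
    return [
        Packet("1100110110001010", "Oracle_DB", "10.0.1.10", "db.example.test"),
        Packet("0010110101011101", "Oracle_DB", "10.0.1.11", "db.example.test"),
        Packet("1100101001010110", "MYSQL", "10.0.9.12", "db.example.test"),
        Packet("0101010101010101", "MYSQL", "10.0.1.12", "web.example.test"),
    ]


if __name__ == "__main__":
    for pkt in run_pipeline(sample_packets()):
        print(pkt.category_id, pkt.sqid, sqid_header_field(pkt.sqid),
              pkt.cluster_id, pkt.dst_ip, pkt.domain)
```

Running the block prints one line per packet. The fourth packet sits two octet-units away from the first cluster's reference address but carries a different domain-name, so it opens its own cluster; that is the "at least a domain-name is same" condition of step 306 enforced at grouping time rather than checked afterwards. The third packet shares the domain-name but its distance (about 8.2) exceeds the threshold, so it also gets a separate cluster, matching the way the text says a major difference in distance forms a separate cluster.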

Referring now to FIG. 5, exemplary tables representing SQIDs, category IDs, and cluster IDs assigned to various packets are illustrated, in accordance with an exemplary embodiment. A table 502 represents a packet header and may include eight columns and one row as depicted in FIG. 5. The packet header may include an IP HDR address, an SQID, an Encapsulating Security Payload (ESP) HDR, an ORG IP HDR, a TCP HDR, a data, an ESP trailer, and an ESP hash key. It may be noted that the packet header as depicted by the table 502 may be generated for each of a plurality of packets. Further, a table 504 in FIG. 5 depicts allocation of category IDs to packets. A first column of the table 504 may represent a first packet payload (1100110110001010), a second packet payload (0010110101011101), and a third packet payload (1100101001010110). A second column of the table 504 may include details of an application associated with the first, the second and the third payload. Further, a third and a fourth column of the table 504 represent IP header and category ID, respectively. The application, IP header and category ID corresponding to the first packet payload are Oracle_DB, 02111, CAT-121. Similarly, for the second and third packet payloads, the application, IP header and category ID are Oracle_DB, 02111, CAT-121, and MYSQL, 21200, CAT-122, respectively.

It has been discussed earlier that the cluster ID is assigned after assigning the SQID and category ID to each of the plurality of packets. Allocation of cluster IDs is depicted by a table 506 that includes an additional column of cluster ID, when compared to the table 504. The cluster IDs corresponding to the first, second, and third packet payload are CLS-1, CLS-1, and CLS-2, respectively, as shown in the table 506. It is clear from the table 506 that two different packet payloads of different category IDs may be assigned with a same cluster ID. For example, the first packet payload and second packet payload include two different category IDs, i.e., CAT-121 and CAT-122; however, they belong to the same cluster and include the same cluster ID, i.e., CLS-1.

Referring now to FIG. 6, a flowchart 600 of a method for tracking deviated packets during data transmission is illustrated, in accordance with an embodiment. At step 602, each of at least one cluster may be transmitted to an associated destination address. Each cluster in the at least one cluster includes a set of packets from the plurality of packets. It may be noted that at least a domain-name is same in destination address associated with each of the set of packets. At step 604, at least one deviated packet from an associated transmitted cluster may be identified. The identification may be performed based on a change in a distance of at least one IP attribute of each of the at least one deviated packet from IP attributes of remaining packets in the associated transmitted cluster, or change in transmission speed of each of the at least one deviated packet when compared to remaining packets in the associated transmitted cluster. A TCP IP protocol may handshake with the at least one deviated packet. In case the TCP IP protocol is blocked with firewall, then it may be assumed as a lost packet.

At step 606, the at least one deviated packet may be tracked based on at least one of the associated change in the distance of the at least one IP attribute and a change in the associated transmission speed. In some embodiments, after transmitting the cluster of packets to the destination, the distance among the packets may also be traced. This may help in identifying the deviated packet or any other issue regarding packet loss in the communication networks. It should be noted that the distance may be measured using the Euclidean distance calculation as per the formula given below in equation (1):

$$\text{Euclidean distance} = \sqrt{(q_1 - p_1)^2 + (q_2 - p_2)^2} \qquad (1)$$

Based on the distance among the plurality of packets, the data security device 102 may understand the vulnerability associated with the plurality of packets. Thus, it may be important to track the distance among the plurality of packets belonging to the same cluster. As the distance associated with any packet of the cluster changes, the chances of packet loss for that packet may increase.

Referring now to FIG. 7, a flowchart 700 of a method for logging an error code upon identification of a deviated packet is illustrated, in accordance with an embodiment. At step 702, at least one deviated packet may be identified from an associated transmitted cluster, based on at least one of a cluster ID of each of the at least one deviated packet, a change in a distance of at least one IP attribute of each of the at least one deviated packet from the IP attributes of the remaining packets in the associated transmitted cluster, or a change in transmission speed of each of the at least one deviated packet when compared to the remaining packets in the associated transmitted cluster.

At step 704, an error code may be logged in response to identifying each of the at least one deviated packet. It may be noted that the error code for a deviated packet may include details associated with the deviated packet. The details may include at least one of an SQID of the deviated packet, the destination address in the deviated packet, and an error ID. The details may also include TCP IP handshake details and multi-connection packet details. At step 706, the error code may be converted into a natural language. The error code generation may be established by employing connection protocols such as, but not limited to, Serial Advanced Technology Attachment (SATA), Integrated Drive Electronics (IDE), IEEE-1394, Universal Serial Bus (USB), an API connect or communication between APIs, fiber channel, Small Computer Systems Interface (SCSI), STD Bus, RS-232, RS-422, RS-485, I2C, Serial Peripheral Interface (SPI), Microwire, 1-Wire, IEEE 1284, Intel QuickPath Interconnect, InfiniBand, and Peripheral Component Interconnect Express (PCIe), using standard data connection means such as wireless or wired.

In some embodiments, when the distance exceeds a threshold, the error code may be generated. The error code may further be used for determining states of the deviated packets. Also, the error code may be used to detect the distance at which the deviated packets are currently running. Once the packets are deviated or lost, a final distance from the actual destination may be detected and subsequently the error code may be generated. The error code may help to provide the details of the deviated packets, and using these details, the administrator may figure out the actual destination where the deviated packets reside.

At step 708, a notification may be sent to an administrator based on the natural language corresponding to the error code. In some embodiments, a notification mechanism for generating the notification may be used that may help in initiating the error code for a particular issue that needs to be fixed by engineers. Hardware failures as well as software failures may be monitored based on an error-code-wise notification mechanism.
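The deviated-packet detection of FIGs. 6 and 7 (steps 604 through 708) as an added example: the distance of equation (1) is applied to each packet's attributes against the remaining packets of its cluster, a threshold or speed drop yields an error code carrying the SQID, destination address and error ID, and the code is rendered as a natural-language notification. This is illustrative code, not the patent's own; the observation format, the component-wise median reference, the thresholds and the error IDs are assumptions.

```python
"""Added example: identifying deviated packets in a transmitted cluster,
logging an error code (SQID, destination, error ID) and converting it to
natural language. Observation format, thresholds and codes are assumptions."""
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    sqid: int
    cluster_id: str
    dst_ip: str        # destination address carried in the packet
    hop_ip: str        # address where the packet was last observed (constructed)
    speed_kbps: float  # measured transmission speed


def octets(ip):
    return [int(o) for o in ip.split(".")]


def euclidean(q, p):
    """Equation (1), generalised to n attributes."""
    return math.sqrt(sum((qi - pi) ** 2 for qi, pi in zip(q, p)))


def cluster_reference(obs):
    """Component-wise median of the remaining packets' attribute vectors.
    A median (rather than a mean) keeps one drifted packet from pulling the
    reference point toward itself and mis-flagging its well-behaved peers."""
    cols = zip(*(octets(o.hop_ip) for o in obs))
    return [sorted(c)[len(c) // 2] for c in cols]


ERROR_IDS = {"DISTANCE": "ERR-101", "SPEED": "ERR-102"}  # assumed error IDs


def log_error(o, kind, measure):
    """Error code with the details named in step 704 (assumed field layout)."""
    return {"error_id": ERROR_IDS[kind], "sqid": o.sqid, "cluster_id": o.cluster_id,
            "destination": o.dst_ip, "measure": round(measure, 2)}


def find_deviated(obs, dist_threshold=20.0, speed_ratio=0.5):
    """Flag a packet whose distance from the rest of its cluster exceeds
    `dist_threshold`, or whose speed falls below `speed_ratio` times the
    median speed of the rest. Distance takes precedence over speed."""
    errors = []
    for o in obs:
        rest = [r for r in obs if r is not o]
        if not rest:
            continue  # a single packet has nothing to deviate from
        d = euclidean(octets(o.hop_ip), cluster_reference(rest))
        speeds = sorted(r.speed_kbps for r in rest)
        median_speed = speeds[len(speeds) // 2]
        if d > dist_threshold:
            errors.append(log_error(o, "DISTANCE", d))
        elif o.speed_kbps < speed_ratio * median_speed:
            errors.append(log_error(o, "SPEED", o.speed_kbps / median_speed))
    return errors


def to_natural_language(err):
    """Step 706: render the error code for the administrator notification."""
    head = (f"Packet SQID {err['sqid']} of {err['cluster_id']} destined for "
            f"{err['destination']}")
    if err["error_id"] == ERROR_IDS["DISTANCE"]:
        return f"{head} has drifted {err['measure']} units from its cluster."
    return f"{head} is transmitting at {err['measure']:.0%} of cluster speed."


# Constructed observations for one transmitted cluster: packet 3 is slow,
# packet 4 was last seen far from the rest of the cluster.
SAMPLE = [
    Observation(1, "CLS-1", "10.1.2.10", "10.1.2.10", 950.0),
    Observation(2, "CLS-1", "10.1.2.10", "10.1.2.11", 940.0),
    Observation(3, "CLS-1", "10.1.2.10", "10.1.2.12", 300.0),
    Observation(4, "CLS-1", "10.1.2.10", "10.77.2.12", 930.0),
]

if __name__ == "__main__":
    for err in find_deviated(SAMPLE):
        print(err["error_id"], to_natural_language(err))
```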

Referring now to FIG. 8, a flowchart 800 of a method for receiving an ACK for each of a plurality of packets in each of at least one cluster is illustrated, in accordance with an embodiment. At step 802, details associated with each of the at least one cluster may be shared with an associated destination. The details associated with a cluster may include an SQID of each packet in the cluster and a destination address for each packet in the cluster. At step 804, each of the at least one cluster may be transmitted to an associated destination address. It may be noted that each cluster in the at least one cluster includes a set of packets from the plurality of packets and at least a domain-name is the same in the destination address associated with each of the set of packets. At step 806, an ACK may be received for each packet in each of the at least one cluster.

The disclosed method and system may be supported by multiple applications, wherein the system and method may be applicable to network devices as well as switches and hubs. The switches may use the present system and method for transmitting multiple packets at a single instance. This may help in reducing the time of execution and improving the service accordingly. Hence, latency in packet transmission may be reduced.

Additionally, the disclosed method and system may provide a solution for data hacking or other issues such as hardware or software failure and thereby help in reducing overall security issues while transmitting data. The proposed system and method focus on tracking a distance between packets during transmission of the packets from a source to a destination. This helps in lessening the overall security issues by creating a chain of the packets, which may analyze every packet and its associated distance. Further, the system may generate an alert or an error code for tracing vulnerability of a network domain in order to enhance security during data transmission.

The disclosed method and system may be used in cloud projects as well as in integration projects to develop a data center infrastructure along with an application infrastructure. Moreover, the system may also be integrated into application-based software and cybersecurity projects, where a packet chain transmission method may provide large benefits in detecting untrusted network sources.

Referring now to FIG. 9, a block diagram of an exemplary computer system 902 for implementing various embodiments is illustrated. Computer system 902 may include a central processing unit (“CPU” or “processor”) 904. Processor 904 may include at least one data processor for executing program components for executing user or system-generated requests. A user may include a person, a person using a device such as those included in this disclosure, or such a device itself. Processor 904 may include specialized processing units such as integrated system (bus) controllers, memory management control units, floating point units, graphics processing units, digital signal processing units, etc. Processor 904 may include a microprocessor, such as an AMD® ATHLON® microprocessor, DURON® microprocessor or OPTERON® microprocessor, ARM's application, embedded or secure processors, IBM® POWERPC®, INTEL'S CORE® processor, ITANIUM® processor, XEON® processor, CELERON® processor or other line of processors, etc. Processor 904 may be implemented using mainframe, distributed processor, multi-core, parallel, grid, or other architectures. Some embodiments may utilize embedded technologies like application-specific integrated circuits (ASICs), digital signal processors (DSPs), Field Programmable Gate Arrays (FPGAs), etc.

Processor 904 may be disposed in communication with one or more input/output (I/O) devices via an I/O interface 906. I/O interface 906 may employ communication protocols/methods such as, without limitation, audio, analog, digital, monoaural, RCA, stereo, IEEE-1394, serial bus, universal serial bus (USB), infrared, PS/2, BNC, coaxial, component, composite, digital visual interface (DVI), high-definition multimedia interface (HDMI), RF antennas, S-Video, VGA, IEEE 802.n/b/g/n/x, Bluetooth, cellular (for example, code-division multiple access (CDMA), high-speed packet access (HSPA+), global system for mobile communications (GSM), long-term evolution (LTE), WiMax, or the like), etc.

Using I/O interface 906, computer system 902 may communicate with one or more I/O devices. For example, an input device 908 may be an antenna, keyboard, mouse, joystick, (infrared) remote control, camera, card reader, fax machine, dongle, biometric reader, microphone, touch screen, touchpad, trackball, sensor (for example, accelerometer, light sensor, GPS, gyroscope, proximity sensor, or the like), stylus, scanner, storage device, transceiver, video device/source, visors, etc. An output device 910 may be a printer, fax machine, video display (for example, cathode ray tube (CRT), liquid crystal display (LCD), light-emitting diode (LED), plasma, or the like), audio speaker, etc. In some embodiments, a transceiver 912 may be disposed in connection with processor 904. Transceiver 912 may facilitate various types of wireless transmission or reception. For example, transceiver 912 may include an antenna operatively connected to a transceiver chip (for example, TEXAS® INSTRUMENTS WILINK WL1286® transceiver, BROADCOM® BCM4550IUB8® transceiver, INFINEON TECHNOLOGIES® X-GOLD 618-PMB9800® transceiver, or the like), providing IEEE 802.6a/b/g/n, Bluetooth, FM, global positioning system (GPS), 2G/3G HSDPA/HSUPA communications, etc.

In some embodiments, processor 904 may be disposed in communication with a communication network 914 via a network interface 916. Network interface 916 may communicate with communication network 914. Network interface 916 may employ connection protocols including, without limitation, direct connect, Ethernet (for example, twisted pair 50/500/5000 Base T), transmission control protocol/internet protocol (TCP/IP), token ring, IEEE 802.11a/b/g/n/x, etc. Communication network 914 may include, without limitation, a direct interconnection, local area network (LAN), wide area network (WAN), wireless network (for example, using Wireless Application Protocol), the Internet, etc. Using network interface 916 and communication network 914, computer system 902 may communicate with devices 918, 920, and 922. These devices may include, without limitation, personal computer(s), server(s), fax machines, printers, scanners, various mobile devices such as cellular telephones, smartphones (for example, APPLE® IPHONE® smartphone, BLACKBERRY® smartphone, ANDROID® based phones, etc.), tablet computers, eBook readers (AMAZON® KINDLE® ereader, NOOK® tablet computer, etc.), laptop computers, notebooks, gaming consoles (MICROSOFT® XBOX® gaming console, NINTENDO® DS® gaming console, SONY® PLAYSTATION® gaming console, etc.), or the like. In some embodiments, computer system 902 may itself embody one or more of these devices.

In some embodiments, processor 904 may be disposed in communication with one or more memory devices (for example, RAM 926, ROM 928, etc.) via a storage interface 924. Storage interface 924 may connect to memory 930 including, without limitation, memory drives, removable disc drives, etc., employing connection protocols such as serial advanced technology attachment (SATA), integrated drive electronics (IDE), IEEE-1394, universal serial bus (USB), fiber channel, small computer systems interface (SCSI), etc. The memory drives may further include a drum, magnetic disc drive, magneto-optical drive, optical drive, redundant array of independent discs (RAID), solid-state memory devices, solid-state drives, etc.

Memory 930 may store a collection of program or database components, including, without limitation, an operating system 932, user interface application 934, web browser 936, mail server 938, mail client 940, user/application data 942 (for example, any data variables or data records discussed in this disclosure), etc. Operating system 932 may facilitate resource management and operation of computer system 902. Examples of operating systems 932 include, without limitation, APPLE® MACINTOSH® OS X platform, UNIX platform, Unix-like system distributions (for example, Berkeley Software Distribution (BSD), FreeBSD, NetBSD, OpenBSD, etc.), LINUX distributions (for example, RED HAT®, UBUNTU®, KUBUNTU®, etc.), IBM® OS/2 platform, MICROSOFT® WINDOWS® platform (XP, Vista/7/8, etc.), APPLE® IOS® platform, GOOGLE® ANDROID® platform, BLACKBERRY® OS platform, or the like. User interface 934 may facilitate display, execution, interaction, manipulation, or operation of program components through textual or graphical facilities. For example, user interfaces may provide computer interaction interface elements on a display system operatively connected to computer system 902, such as cursors, icons, check boxes, menus, scrollers, windows, widgets, etc. Graphical user interfaces (GUIs) may be employed, including, without limitation, APPLE® Macintosh® operating systems' AQUA® platform, IBM® OS/2® platform, MICROSOFT® WINDOWS® platform (for example, AERO® platform, METRO® platform, etc.), UNIX X-WINDOWS, web interface libraries (for example, ACTIVEX® platform, JAVA® programming language, JAVASCRIPT® programming language, AJAX® programming language, HTML, ADOBE® FLASH® platform, etc.), or the like.

In some embodiments, computer system 902 may implement a web browser 936 stored program component. Web browser 936 may be a hypertext viewing application, such as MICROSOFT® INTERNET EXPLORER® web browser, GOOGLE® CHROME® web browser, MOZILLA® FIREFOX® web browser, APPLE® SAFARI® web browser, etc. Secure web browsing may be provided using HTTPS (secure hypertext transport protocol), secure sockets layer (SSL), Transport Layer Security (TLS), etc. Web browsers may utilize facilities such as AJAX, DHTML, ADOBE® FLASH® platform, JAVASCRIPT® programming language, JAVA® programming language, application programming interfaces (APIs), etc. In some embodiments, computer system 902 may implement a mail server 938 stored program component. Mail server 938 may be an Internet mail server such as MICROSOFT® EXCHANGE® mail server, or the like. Mail server 938 may utilize facilities such as ASP, ActiveX, ANSI C++/C#, MICROSOFT .NET® programming language, CGI scripts, JAVA® programming language, JAVASCRIPT® programming language, PERL® programming language, PHP® programming language, PYTHON® programming language, WebObjects, etc. Mail server 938 may utilize communication protocols such as internet message access protocol (IMAP), messaging application programming interface (MAPI), Microsoft Exchange, post office protocol (POP), simple mail transfer protocol (SMTP), or the like. In some embodiments, computer system 902 may implement a mail client 940 stored program component. Mail client 940 may be a mail viewing application, such as APPLE MAIL® mail client, MICROSOFT ENTOURAGE® mail client, MICROSOFT OUTLOOK® mail client, MOZILLA THUNDERBIRD® mail client, etc.

In some embodiments, computer system 902 may store user/application data 942, such as the data, variables, records, etc. as described in this disclosure. Such databases may be implemented as fault-tolerant, relational, scalable, secure databases such as ORACLE® database or SYBASE® database. Alternatively, such databases may be implemented using standardized data structures, such as an array, hash, linked list, struct, structured text file (for example, XML), table, or as object-oriented databases (for example, using OBJECTSTORE® object database, POET® object database, ZOPE® object database, etc.). Such databases may be consolidated or distributed, sometimes among the various computer systems discussed above in this disclosure. It is to be understood that the structure and operation of any computer or database component may be combined, consolidated, or distributed in any working combination.

It will be appreciated that, for clarity purposes, the above description has described embodiments of the invention with reference to different functional units and processors. However, it will be apparent that any suitable distribution of functionality between different functional units, processors or domains may be used without detracting from the invention. For example, functionality illustrated to be performed by separate processors or controllers may be performed by the same processor or controller. Hence, references to specific functional units are only to be seen as references to suitable means for providing the described functionality, rather than indicative of a strict logical or physical structure or organization.

In some embodiments, the techniques may employ a chain-based grouping and monitor data transmission irrespective of a source and a destination proactively rather than reactively without departing from the spirit and scope of the disclosed embodiments. Unlike conventional systems, the present system improves efficiency, security, packet transmission speed as well as performance of the network. Further, the techniques described above may be employed in any kind of deep neural network (DNN) such as recurrent neural network (RNN), convolutional neural network (CNN), or the like. Moreover, the techniques may be easily deployed in any cloud-based servers for access and use as an ‘application as a service’ by any computing device including mobile devices. For example, the data security device 102 may be implemented on a cloud-based server and used for securing data transmission in communication networks.

The specification has described a method and system for securing data transmission in communication networks. The illustrated steps are set out to explain the exemplary embodiments shown, and it should be anticipated that ongoing technological development will change the manner in which particular functions are performed. These examples are presented herein for purposes of illustration, and not limitation. Further, the boundaries of the functional building blocks have been arbitrarily defined herein for the convenience of the description. Alternative boundaries can be defined so long as the specified functions and relationships thereof are appropriately performed. Alternatives (including equivalents, extensions, variations, deviations, etc., of those described herein) will be apparent to persons skilled in the relevant art(s) based on the teachings contained herein. Such alternatives fall within the scope and spirit of the disclosed embodiments.

Furthermore, one or more computer-readable storage media may be utilized in implementing embodiments consistent with the present disclosure. A computer-readable storage medium refers to any type of physical memory on which information or data readable by a processor may be stored. Thus, a computer-readable storage medium may store instructions for execution by one or more processors, including instructions for causing the processor(s) to perform steps or stages consistent with the embodiments described herein. The term “computer-readable medium” should be understood to include tangible items and exclude carrier waves and transient signals, i.e., be non-transitory. Examples include random access memory (RAM), read-only memory (ROM), volatile memory, nonvolatile memory, hard drives, CD ROMs, DVDs, flash drives, disks, and any other known physical storage media.

It is intended that the disclosure and examples be considered as exemplary only, with a true scope and spirit of disclosed embodiments being indicated by the following claims.

What is claimed is:
 1. A method for securing data transmission in communication networks, the method comprising: allocating, by a data security device, a sequence ID (SQID) to each of a plurality of packets based on a sequence associated with each of the plurality of packets, wherein the SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets; grouping, by the data security device, the plurality of packets into at least one cluster based on at least one of: a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets; and variance in IP attributes associated with destination address of each of the plurality of packets; and transmitting, by the data security device, each of the at least one cluster to an associated destination address, wherein each cluster in the at least one cluster comprises a set of packets from the plurality of packets, and wherein at least a domain-name is same in destination address associated with each of the set of packets; wherein the at least one IP attribute associated with destination address of a packet from the plurality of packets comprises an IP address, a class associated with the IP address, a subnet ID, and a domain-name, wherein the subnet ID and the domain-name are derived from the IP address.
 2. The method of claim 1, wherein allocating the SQID to each of the plurality of packets comprises: determining a plurality of category IDs associated with the plurality of packets, wherein a category ID from the plurality of category IDs is assigned to each of the plurality of packets based on at least one of an application specific information and an associated IP header; identifying a plurality of sets of packets, wherein each set in the plurality of sets comprises packets having the same category ID; and assigning a unique sequential set of SQIDs to packets in each of the plurality of sets of packets, wherein the unique sequential set of SQIDs is assigned based on a First In, First Out (FIFO) technique.
 3. The method of claim 1, wherein the distance amongst the at least one IP attribute associated with destination address of each of the plurality of packets is a Euclidean distance.
 4. The method of claim 1 further comprising assigning a unique cluster ID to each of the at least one cluster.
 5. The method of claim 4, further comprising identifying at least one deviated packet from an associated transmitted cluster, based on at least one of a cluster ID of each of the at least one deviated packet, change in a distance of at least one IP attribute of each of the at least one deviated packet from IP attributes of remaining packets in the associated transmitted cluster, or change in transmission speed of each of the at least one deviated packet when compared to remaining packets in the associated transmitted cluster.
 6. The method of claim 5, further comprising tracking the at least one deviated packet, based on at least one of the associated change in the distance of the at least one IP attribute and change in the associated transmission speed.
 7. The method of claim 5, further comprising logging an error code in response to identifying each of the at least one deviated packet, wherein the error code for a deviated packet comprises details associated with the deviated packet, and wherein details comprise at least one of an SQID of the deviated packet, destination address in the deviated packet, and an error ID.
 8. The method of claim 7, further comprising: converting the error code to a natural language; and notifying an administrator based on the natural language corresponding to the error code.
 9. The method of claim 1, further comprising: sharing details associated with each of the at least one cluster with an associated destination, wherein the details associated with a cluster comprise an SQID of each packet in the cluster and destination address for each packet in the cluster; and receiving an Acknowledgement (ACK) for each packet in each of the at least one cluster.
 10. A system for securing data transmission in communication networks, the system comprising: a processor; and a memory communicatively coupled to the processor, wherein the memory stores processor instructions, which, on execution, cause the processor to: allocate a sequence ID (SQID) to each of a plurality of packets based on a sequence associated with each of the plurality of packets, wherein the SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets; group the plurality of packets into at least one cluster based on at least one of: a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets; and variance in IP attributes associated with destination address of each of the plurality of packets; and transmit each of the at least one cluster to an associated destination address, wherein each cluster in the at least one cluster comprises a set of packets from the plurality of packets, and wherein at least a domain-name is same in destination address associated with each of the set of packets; wherein the at least one IP attribute associated with destination address of a packet from the plurality of packets comprises an IP address, a class associated with the IP address, a subnet ID, and a domain-name, wherein the subnet ID and the domain-name are derived from the IP address.
 11. The system of claim 10, wherein the processor instructions further cause the processor to: determine a plurality of category IDs associated with the plurality of packets, wherein a category ID from the plurality of category IDs is assigned to each of the plurality of packets based on at least one of an application specific information and an associated IP header; identify a plurality of sets of packets, wherein each set in the plurality of sets comprises packets having the same category ID; and assign a unique sequential set of SQIDs to packets in each of the plurality of sets of packets, wherein the unique sequential set of SQIDs is assigned based on a First In First Out (FIFO) technique.
 12. The system of claim 10, wherein the distance amongst the at least one IP attribute associated with destination address of each of the plurality of packets is a Euclidean distance.
 13. The system of claim 10, wherein the processor instructions further cause the processor to assign a unique cluster ID to each of the at least one cluster.
 14. The system of claim 13, wherein the processor instructions further cause the processor to identify at least one deviated packet from an associated transmitted cluster, based on at least one of a cluster ID of each of the at least one deviated packet, change in a distance of at least one IP attribute of each of the at least one deviated packet from IP attributes of remaining packets in the associated transmitted cluster, or change in transmission speed of each of the at least one deviated packet when compared to remaining packets in the associated transmitted cluster.
 15. The system of claim 14, wherein the processor instructions further cause the processor to track the at least one deviated packet, based on at least one of the associated change in the distance of the at least one IP attribute and change in the associated transmission speed.
 16. The system of claim 14, wherein the processor instructions further cause the processor to log an error code in response to identifying each of the at least one deviated packet, wherein the error code for a deviated packet comprises details associated with the deviated packet, and wherein details comprise at least one of an SQID of the deviated packet, destination address in the deviated packet, and an error ID.
 17. The method of claim 16, wherein the processor instructions further cause the processor to: convert the error code to a natural language; and notify an administrator based on the natural language corresponding to the error code.
 18. The system of claim 10, wherein the processor instructions further cause the processor to: share details associated with each of the at least one cluster with an associated destination, wherein the details associated with a cluster comprise an SQID of each packet in the cluster and destination address for each packet in the cluster; and receive an Acknowledgement (ACK) for each packet in each of the at least one cluster.
 19. A non-transitory computer-readable medium for securing data transmission in communication networks, having stored thereon a set of computer-executable instructions causing a computer comprising one or more processors to perform steps comprising: allocating a sequence ID (SQID) to each of a plurality of packets based on a sequence associated with each of the plurality of packets, wherein the SQID is embedded in an Internet Protocol (IP) header of an associated packet from the plurality of packets; grouping the plurality of packets into at least one cluster based on at least one of: a distance amongst at least one IP attribute associated with destination address of each of the plurality of packets; and variance in IP attributes associated with destination address of each of the plurality of packets; and transmitting each of the at least one cluster to an associated destination address, wherein each cluster in the at least one cluster comprises a set of packets from the plurality of packets, and wherein at least a domain-name is same in destination address associated with each of the set of packets; wherein the at least one IP attribute associated with destination address of a packet from the plurality of packets comprises an IP address, a class associated with the IP address, a subnet ID, and a domain-name, wherein the subnet ID and the domain-name are derived from the IP address.